ChunkParser: Incorrect decoding of small xml files if encoding was autodetected, in xmlParseChunk, if initial size is 86 (a chunk in UTF-16 encoding), the code that tries to read only the first line will set the size to 90, which eventually leads to a memmove of 90 bytes (in xmlBufferAdd) which will copy extra random memory bytes, which will make the parser to fail because of these extra bytes.

commit: ba9716a1978001d5a7560cfcf46fe4846c36bbc0 [log] [tgz]
author: Raul Hudea <rhudea@adobe.com> Mon Mar 15 10:13:29 2010 +0100
committer: Daniel Veillard <veillard@redhat.com> Mon Mar 15 10:13:29 2010 +0100
tree: 7dcba34176c062a0b5574801102274b5768580a9
parent: a7a6a4b2f39b6bc2973eed8b0fb7cf917a171487 [diff]
diff --git a/parser.c b/parser.c
index 0834d13..85e7599 100644
--- a/parser.c
+++ b/parser.c

@@ -11562,8 +11562,17 @@
             if (ctxt->input->buf->rawconsumed < len)
                 len -= ctxt->input->buf->rawconsumed;
 
-            remain = size - len;
-            size = len;
+            /*
+             * Change size for reading the initial declaration only
+             * if size is greater than len. Otherwise, memmove in xmlBufferAdd
+             * will blindly copy extra bytes from memory.
+             */
+            if (size > len) {
+                remain = size - len;
+                size = len;
+            } else {
+                remain = 0;
+            }
         }
 	res =xmlParserInputBufferPush(ctxt->input->buf, size, chunk);
 	if (res < 0) {
commit	ba9716a1978001d5a7560cfcf46fe4846c36bbc0	[log] [tgz]
author	Raul Hudea <rhudea@adobe.com>	Mon Mar 15 10:13:29 2010 +0100
committer	Daniel Veillard <veillard@redhat.com>	Mon Mar 15 10:13:29 2010 +0100
tree	7dcba34176c062a0b5574801102274b5768580a9
parent	a7a6a4b2f39b6bc2973eed8b0fb7cf917a171487 [diff]